- High Availability clustering
- SNAT/DNAT
- Policies section view
- Virtual Domains
- Logging and Reporting
- IPS
Security Consultant at Webernetz.net - Network Security Consulting
Cisco ASA vs. Fortinet FortiGate vs. Palo Alto vs. Juniper SSG
Since IPv6 gets more and more important, I am using it by default on all my test firewalls, which of course support IPv6. However, when comparing the different functions and administration capabilities, they vary significantly.
Here comes my short evaluation of the IPv6 functions on the following four firewalls: Cisco ASA, Fortinet FortiGate, Juniper SSG, and Palo Alto.
Criteria
I was merely interested in the basic IPv6 usage and not in the typical firewall categories:
- Interface: IPv6 address and link-local address configurable?
- Router Advertisement and DHCPv6: Whether the firewalls support nothing (–), only RA (-), DHCPv6 relay (ο), stateless DHCPv6 (+), or stateful DHCPv6 (++). The existence of stateless DHCPv6 is vital for delivering the DNS server IPv6 addresses to the clients. (The “IPv6 Router Advertisement Options for DNS Configuration”, RFC 6106, is not supported by any of these devices.)
- Security Policy: Whether IPv4 and IPv6 addresses can be used in the same policy and whether address groups can have objects from both protocols.
- Administration: How easy are the IPv6 functions to manage? Only via the CLI (–), fifty-fifty (ο), GUI but complicated (+) , or fully via the GUI (++).
Results
These are the results. They range from — via ο to ++.
|
Cisco ASA
|
Fortinet FortiGate
|
Juniper ScreenOS
|
Palo Alto
|
Version
|
9.2(3)
|
5.2.2
|
6.3.0r18.0
|
6.1.3
|
Interface
|
++
|
+
|
++
|
++
|
RA, DHCPv6
|
-
|
++
|
+
|
0
|
Security Policy
|
++
|
-
|
-
|
++
|
Administration | + | - | + | ++ |
Details
Cisco ASA
The Cisco ASA has no DHCPv6 instance running. That is: there is no way to run an IPv6-only network because clients won’t get the DNS server. The security policy is capable of both protocols. Everything is configurable via the GUI, which is not the best at all.
Fortinet FortiGate
The FortiGate is the only firewall with a stateful DHCPv6 server. Great. However, two distinct security policies must be used and nothing of the IPv6 settings are configurable via the GUI. WHAT???
Juniper SSG (ScreenOS)
ScreenOS is dead. However, most of the IPv6 functions are working quite good, except the protocol dependent security policies. Everything is accessible via the GUI, but sometimes on confusing positions.
Palo Alto
Palo Alto did a good job on the IPv6 interfaces and security policies. The GUI is quite intuitive and the policy accepts both protocols at the same time. Unluckily, there is no DHCPv6 server which makes it impossible to operate an IPv6-only client network behind a Palo Alto (without further servers).
Conclusion
It’s interesting to see the differences between those firewalls. While the Fortinet und Juniper firewalls support the whole SLAAC process incl. DNS servers, they have no single security policy for both protocols and are horrable to configure.
The Palo Alto is quite good to configure but lacks the DHCPv6 server. Same for the Cisco.
In summary, all firewalls position in the middle of my scale. From an IPv6-only view, I cannot say which one is the best. It depends….
Originally published on blog.webernetz.net
Disclosure: I am a real user, and this review is based on my own experience and opinions.

IP Senior Engineer at a comms service provider with 501-1,000 employees
It offers stability, scalability and plenty of security features. Enjoy fast and effective troubleshooting as everything is organized in a very understandable way.
What is most valuable?
How has it helped my organization?
It has made our daily operations easier, as well as adding security, and stability to them. Adding or removing security policies is simplified through its web interface, or CLI. Additionally, troubleshooting is fast and effective, as everything is organized in a very understandable way.
What needs improvement?
Its web interface needs to be more stable, and more functional, through the variety of browsers. Additionally a nice add-on would be a “diagnostic sniffer” capability in the web interface.
For how long have I used the solution?
I've used it for six years.
What was my experience with deployment of the solution?
With different browsers, the web interface crashes. On newer versions of Fortios the problem has been minimized.
What do I think about the stability of the solution?
Not at all, it is as stable as it should be.
What do I think about the scalability of the solution?
I believe that it is a little complex adding new firewalls in an existing cluster.
How are customer service and technical support?
Customer Service:
8/10.
Technical Support:9/10.
Which solution did I use previously and why did I switch?
We are using different firewall solutions, in parallel with the Fortigate ones.
How was the initial setup?
It was straightforward. Taking control of the device for first time is easy, and the cookbook manual is very helpful.
What about the implementation team?
A vendor team offered five day training but the implementation was in-house.
Which other solutions did I evaluate?
We evaluated other solutions, but I was not responsible for taking the final decision.
What other advice do I have?
Throughout the last six years we have been using Fortigate firewalls, and the experience we gained is only positive. These devices are easy to manage, operate and troubleshoot any issues that might rise. The use of virtual domains has added more security presence by only having one physical device, and it’s easy to create them. Also, by enabling other security features on the VDoms, the physical performance will not be affected.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Fortinet FortiGate
March 2025

Learn what your peers think about Fortinet FortiGate. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
Head Of Technology at a tech consulting company with 51-200 employees
Secure, good integration, and responsive technical support
Pros and Cons
- "FortiGate has a very strong unified threat management system."
- "If they could extend their fabric towards other vendor environments for integration, that would be great."
What is our primary use case?
We are a system integrator and Fortinet FortiGate is one of the products that we have implemented for our clients.
It is primarily used for VPN and remote access. More recently, we have been using it for SD-WAN.
How has it helped my organization?
This is a versatile solution and with it, we can offer our customers multiple functionalities. The Fortinet fabric goes across the entire enterprise.
What is most valuable?
The most valuable features are the security and the integration with the entire Fortinet product line, from access points to switching.
FortiGate has a very strong unified threat management system.
What needs improvement?
I would like to see integration into other systems. That would be really great for me. The fabric works well only if you're using other Fortinet devices, but they're not exactly the best in terms of switching or access points. If they could extend their fabric towards other vendor environments for integration, that would be great.
For how long have I used the solution?
I have been working with Fortinet FortiGate for the past few years.
What do I think about the stability of the solution?
This is a very stable product.
What do I think about the scalability of the solution?
Fortinet FortiGate is very scalable.
We have implemented it for 13 or 14 customers.
How are customer service and support?
I am familiar with technical support and they're very responsible. I haven't had any issues with them so far.
How was the initial setup?
The initial setup is straightforward. The length of time required for deployment depends on the customer's environment and use cases.
What about the implementation team?
We handle the deployment and maintenance of this product for our customers. We use the Fortinet tools, such as FortiManager and FortiAnalyzer to maintain it.
What's my experience with pricing, setup cost, and licensing?
Licensing is usually on a three-year period.
What other advice do I have?
Overall, this is a very good solution and in fact, a good starting point for a broader cyber security approach for the business.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Telecommunications Engineer at a university with 1,001-5,000 employees
Good network protection and configuration that is easy to set up and quick to deploy
Pros and Cons
- "The most valuable features are the policies, filtering, and configuration."
- "Technical support is good but the response time could be faster."
What is our primary use case?
We are using this solution to protect our network on every site. We are using it as a Network Firewall.
What is most valuable?
The most valuable features are the policies, filtering, and configuration.
What needs improvement?
Technical support is good but the response time could be faster.
When it's overloaded, it works slower and overheats.
The data analysis could be improved.
For how long have I used the solution?
I have been using Fortinet FortiGate for 15 years.
We are using the 100 models.
What do I think about the stability of the solution?
This solution is pretty stable.
What do I think about the scalability of the solution?
It's a scalable solution. I would rate it a seven out of ten.
We have 2,500 users in our organization.
How are customer service and technical support?
Technical support is good. I would rate them an eight out of ten.
Which solution did I use previously and why did I switch?
We have also used Huawei.
How was the initial setup?
The initial setup is straightforward. It's pretty easy.
At the very most, it takes a day to deploy.
What other advice do I have?
Before deciding to install this solution, be sure to conduct an analysis of your environment. You may need a larger one or this may be too big for their needs.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director/Owner at Miodesk
Easy to use, well-priced, and scales to our requirements
Pros and Cons
- "The most valuable feature is the ease of use."
- "In the future, I would like to see improvements made to cloud-based management."
What is our primary use case?
We use this firewall as part of our security solution.
What is most valuable?
The most valuable feature is the ease of use. It's very simple and this is one of its advantages.
What needs improvement?
I would like to see the product updated more frequently.
In the future, I would like to see improvements made to cloud-based management. They already have some features for this, but it's very basic.
For how long have I used the solution?
I have been using Fortinet FortiGate for 15 years.
What do I think about the stability of the solution?
Stability-wise, this is a good solution.
What do I think about the scalability of the solution?
Scalability is good, we have about 5,000 users.
How are customer service and technical support?
I have never used technical support from the vendor.
What about the implementation team?
We have an internal team for deployment, maintenance, and support.
What's my experience with pricing, setup cost, and licensing?
The price of FortiGate is good.
What other advice do I have?
My advice for anybody who is implementing FortiGate that it is a great product and easy to use, but be careful which firmware you use.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
IT Specialist 3 at a financial services firm with 51-200 employees
Enables us to to set up remote systems and has good stability
Pros and Cons
- "The ability to set up remote systems is the most valuable feature."
- "They should improve the interface to make it more user-friendly."
What is our primary use case?
We use this solution as our firewall.
How has it helped my organization?
We have branches that we use for the net clients to VPN back into our network.
What is most valuable?
The ability to set up remote systems is the most valuable feature.
What needs improvement?
They should improve the interface to make it more user-friendly.
I would like to see some sort of reporting if there was an issue with the connecting network sources or connections.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It's definitely stable. We haven't had any issues with it.
What do I think about the scalability of the solution?
I would rate the scalability an eight out of ten. We have just over 100 users using this solution.
How was the initial setup?
The initial setup was complex. The user interface was a little bit difficult so it made actually setting it up a little bit complicated. The deployment took a week to roll out four branches.
What about the implementation team?
We used an integrator for the deployment and had a good experience with them. They made it easier to get everything set up.
What's my experience with pricing, setup cost, and licensing?
There are no additional costs aside for the standard licensing fees.
What other advice do I have?
FortiGate is very good if you're thinking of expanding where you have remote offices, then it's a good solution.
I would rate this solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CTO at a comms service provider with 1,001-5,000 employees
Valuable option for security although unstable at times
Pros and Cons
- "It has improved our security capabilities."
- "There were quite a few problems with the stability of the system."
How has it helped my organization?
It has improved our security capabilities.
What is most valuable?
We find the most valuable aspect of this solution is the price. It is affordable and cheaper than other firewalls.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
There were quite a few problems with the stability of the system but now it's working fine. I think it had to do with the complex environment, not because of the product itself.
What's my experience with pricing, setup cost, and licensing?
It is an inexpensive solution.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Tech Manager at Global tec
It is a reasonably priced solution for this type of product. It enables productivity of our organization to go smoothly.
Pros and Cons
- "It enables our organization to become more productive. Also, it protects our NEtWare from viruses and malware."
- "I think the only issue that needs improvement is the interface."
What is our primary use case?
We primarily use this for the Security Fabric feature. It works together with other Fortinet products like FortiWeb and FortiMail, as well as with Amazon products. There is a lot of integration.
How has it helped my organization?
It enables our organization to become more productive. Also, it protects our NEtWare from viruses and malware.
What needs improvement?
I think the only issue that needs improvement is the interface.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
It is a very stable product.
What do I think about the scalability of the solution?
Sometimes the solution is not scalable.
How is customer service and technical support?
Our experience with technical support has been very positive.
How was the initial setup?
It was very straightforward an easy for us to initially install.
What about the implementation team?
We always consider:
- Price
- Product success
What's my experience with pricing, setup cost, and licensing?
The price, in comparison to other products is very cheap.
Which other solutions did I evaluate?
Other products considered were Sophos and CiscoMaraki.
Disclosure: My company has a business relationship with this vendor other than being a customer: I am a reseller.

Buyer's Guide
Download our free Fortinet FortiGate Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Popular Comparisons
Netgate pfSense
OPNsense
Sophos XG
Cisco Secure Firewall
Palo Alto Networks NG Firewalls
Check Point NGFW
Azure Firewall
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
SonicWall NSa
Fortinet FortiGate-VM
Untangle NG Firewall
Sophos XGS
KerioControl
Buyer's Guide
Download our free Fortinet FortiGate Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet
- Sophos XG 210 vs Fortigate FG 100E
- Looking Into Implementing a Web Security Solution.
- Cyberoam or Fortinet?
- Fortinet, Palo Alto or Check Point?
- Which would you recommend to your boss, Fortinet FortiGate or Sophos UTM?
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- We're trying to choose between Fortinet or Checkpoint UTM firewalls. Can you help?
- What Is The Biggest Difference Between Fortinet FortiGate and Meraki MX Firewalls?